authorDan Fandrich <dan@coneharvesters.com>2014-07-23 00:43:47 +0200
committerDan Fandrich <dan@coneharvesters.com>2014-07-23 00:52:56 +0200
commit713f96ee0c14d231d89f52f0ad0471336c147e97 (patch)
treee4a7b28a43756c76e46474a32176f2553b5146d3 /lib/vtls
parentcc52d776dd378733997f9a0d325cb10f627e3a34 (diff)
cyassl.c: return the correct error code on no CA cert
CyaSSL 3.0.0 returns a unique error code if no CA cert is available, so translate that into CURLE_SSL_CACERT_BADFILE when peer verification is requested.
Diffstat (limited to 'lib/vtls')
-rw-r--r--lib/vtls/cyassl.c16
1 files changed, 14 insertions, 2 deletions
diff --git a/lib/vtls/cyassl.c b/lib/vtls/cyassl.c
index cf93e0ede..9e0c80e21 100644
--- a/lib/vtls/cyassl.c
+++ b/lib/vtls/cyassl.c
@@ -144,7 +144,7 @@ cyassl_connect_step1(struct connectdata *conn,
data->set.str[STRING_SSL_CAFILE],
data->set.str[STRING_SSL_CAPATH])) {
if(data->set.ssl.verifypeer) {
- /* Fail if we insiste on successfully verifying the server. */
+ /* Fail if we insist on successfully verifying the server. */
failf(data,"error setting certificate verify locations:\n"
" CAfile: %s\n CApath: %s",
data->set.str[STRING_SSL_CAFILE]?
@@ -154,7 +154,7 @@ cyassl_connect_step1(struct connectdata *conn,
return CURLE_SSL_CACERT_BADFILE;
}
else {
- /* Just continue with a warning if no strict certificate
+ /* Just continue with a warning if no strict certificate
verification is required. */
infof(data, "error setting certificate verify locations,"
" continuing anyway:\n");
@@ -299,6 +299,18 @@ cyassl_connect_step2(struct connectdata *conn,
}
#endif
}
+ else if(ASN_NO_SIGNER_E == detail) {
+ if(data->set.ssl.verifypeer) {
+ failf(data, "\tCA signer not available for verification\n");
+ return CURLE_SSL_CACERT_BADFILE;
+ }
+ else {
+ /* Just continue with a warning if no strict certificate
+ verification is required. */
+ infof(data, "CA signer not available for verification, "
+ "continuing anyway\n");
+ }
+ }
else {
failf(data, "SSL_connect failed with error %d: %s", detail,
ERR_error_string(detail, error_buffer));
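Review bot: The inner `else` arm of the new `ASN_NO_SIGNER_E` branch logs "continuing anyway" and then leaves the error chain without returning, even though `detail` is the error from a failed `SSL_connect` (see the `failf` in the final `else`). What follows the chain is outside this hunk, so it is not visible whether the connection is then marked as established. If it is, a handshake that did not complete would be treated as connected whenever `verifypeer` is off. Either add a comment stating why the session is usable at this point, for example `/* verifypeer off: only the chain check failed, handshake state is still valid */` if that holds for CyaSSL, or fail the step with `return CURLE_SSL_CONNECT_ERROR;`. cyassl_connect_step2 starts and ends outside the hunk.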